All,
We would like to have an Editorial Board teleconference during the
week of June 26 through 30. Please let me know your availability.
I'd plan on two hours.
Following are the main topics. Let me know if you think we should
cover any additional topics.
* CVE content activity update
We have been undergoing significant changes in the past year, and
we will be making more changes over the next 6 months. I will
summarize what we've been doing and why, and the implications for
CVE completeness as we continue with our changes.
* Role of entries, candidates, and voting
I haven't proposed any candidates in the past couple years, and
there have been few public comments or complaints on this. At the
time, voting had become very unwieldy for participants anyway, due
to the large number of issues. At this stage, does it still make
sense to distinguish between entries and candidates?
* Ongoing related MITRE work
We will cover some of our ongoing work, which is related to CVE.
Common Configuration Enumeration (CCE) is covering the areas of
security-relevant system configuration, configuration guides, and
to some degree, policies. The Common Weakness Enumeration (CWE) is
an effort at classifying vulnerabilities and other
security-relevant factors, with a current focus on using this to
assess the capabilities of code scanners. If there is sufficient
time and interest, we will provide a brief summary of CIEL, which
is not dead.
* Future role of the Editorial Board
The Editorial Board has been quiet in the past couple years,
primarily due to MITRE's focus on content. Some members have said
that they enjoyed the fruitful discussions/debates from the past.
Voting has not taken place, to minimal outcry. CVE itself has now
reached widespread adoption, so the Board's role as an advocate for
CVE is not necessarily as important as it was in the past. Other
MITRE projects such as CME and OVAL have successfully utilized
multiple groups instead of a single Board. Given these changes,
what role should the Board play in the future?
* Discussion of prospective Board members
MITRE will be revitalizing the Editorial Board by adding new
members. For this round, we will follow the old process of private
nomination by MITRE, along with a period of review and commentary.